CVE-2024-29734

Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN40367518/
https://jvn.jp/en/jp/JVN40367518/

Configurations

No configuration.

History

21 Nov 2024, 09:08

Type	Values Removed	Values Added
References	~~() https://jvn.jp/en/jp/JVN40367518/ -~~	() https://jvn.jp/en/jp/JVN40367518/ -

31 Oct 2024, 14:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-427

03 Apr 2024, 12:38

Type	Values Removed	Values Added
Summary		(es) Existe un problema de elemento de ruta de búsqueda no controlado en SonicDICOM Media Viewer 2.3.2 y versiones anteriores, lo que puede provocar que las bibliotecas de vínculos dinámicos se carguen de forma insegura. Como resultado, se puede ejecutar código arbitrario con los privilegios de la aplicación en ejecución.

03 Apr 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-03 08:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-29734

Mitre link : CVE-2024-29734

CVE.ORG link : CVE-2024-29734

JSON object : View

Products Affected

No product.

CWE

CWE-427

Uncontrolled Search Path Element

7.8 /10